Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3750 Stack Problem

Hello,

I have inherited a problem with a stack of 4x 3750 switches. There is a TACACS configuration error on the stack that means I am unauthorized to configure any changes. Each switch has one interface connecting to the management network, but these interfaces are all down due to err-disable (channel-misconfig). If these connections were restored the TACACS server would be reachable and then I could configure the necessary changes.

Currently all switches are configured with a priority of 1 and Switch 2 in the stack is currently the master.

I am unable to sh/no sh the interfaces due to the TACACS problem. Is there any other way to clear the err-disable state?

Thanks

Steve

6 REPLIES
New Member

Re: 3750 Stack Problem

No local user account is defined on the stack? If not, I would suggest doing a password recovery procedure on the master which should enable you to create a local user account.

New Member

Re: 3750 Stack Problem

Hi,

To be honest I'm not sure as I haven't seen the config... inherited problem :-( But, at the moment the TACACS server is not reachable, so it is defaulting to the local enable password. When I try to enter "conf t" etc, I receive an authorization failed error, so I'm assuming the AAA authorization is misconfigured.

If I was able to bring any of the 4 management connections back up it would restore access to the TACACS server - and therefore I can login with TACACS account... and fix the config. I can't get these back up and running because all 4 connections are in "err-disable" state. So I need to know if there is a way to bring these interfaces back up without being able to shut/no shut? I've checked the errdisable recovery and it's disabled for channel-misconfig....

As this is on a live production stack, I don't want to go through the password recovery path. The other alternative I see is to reload one of the Stack members, which would clear the management interface and bring up access to the TACACS server.

The only concern I have with this is - all the switches are Stack priority of 1 (Switch 2 is the master at the moment). When I reload physically powercycle Switch 1 will this then cause a Master re-election on boot up and then cause all other switches to reload? I think usually this would only happen if the Stack master with higher priority is reloaded, but I'm not 100%. Does anyone know the circumstances for this happening?

Thanks in advance

Steve

Re: 3750 Stack Problem

You are going to at least need to reload - that alone may clear the err-disable state, and get you access, but I cannot make any guarantee.

If you need to reload anyway, you may as well go the sure-fire route and go though password recovery to get in.

Paul.

New Member

Re: 3750 Stack Problem

Thanks Paul

The reload should work, there was an error in the etherchannels between the Stack and the Management switches. When this was fixed the interfaces went to err-disabled, so the etherchannels should work once they are cleared.

At the moment Switch 1 has no connections apart from the Management interface, so I'll try the reload on it.

As I said before the only concern I have with this is whether or not this will cause the other devices to reload also?

Thanks

Re: 3750 Stack Problem

It should not cause the other switches in the stack to reload, but I have a niggle that as as they do quite a bit of state sharing between the switches in a stack (FIB tables etc) the stau *MAY* survive the power cycle of a single switch in the stack. If that's the only connection on that particular switch, it should not affect anything else so is worth a quick try on its own.

New Member

Re: 3750 Stack Problem

Thanks Paul. I agree, I'm haven't come across this before, I think I'll push back on a quick fix and get the topology labbed up first.

Cheers

285
Views
0
Helpful
6
Replies